
WORKPLACE PRIVACY AFTER COVID-19

Digital Rights Program

August 13, 2020

PUBLIC CITIZEN Workers Privacy After COVID-19

ACKNOWLEDGMENTS

This report was written by Burcu Kilic, director of Public Citizen’s Digital Rights Program, with assistance from Scott Hulver, intern in the Digital Rights Program. It has greatly benefited from comments provided by Robert Weissman, Peter Maybarduk and Jane Chung, and from the expert editing skills of David Rosen.

Special thanks to Bret Thompson and James Smathers for their assistance with layout and graphic design.

Cover image by James Smathers is licensed under Creative Commons.

ABOUT PUBLIC CITIZEN

Public Citizen is a national non-profit with more than 500,000 members and supporters. We represent consumer interests through lobbying, litigation, administrative advocacy, research, and public education on a broad range of issues including consumer rights in the marketplace, product safety, financial regulation, worker safety, safe and affordable health care, campaign finance reform and government ethics, fair trade, climate change, and corporate and government accountability.

Contact Public Citizen

Main: 1600 20th Street NW, Washington, D.C. 20009. Phone: 202-588-1000

Capitol Hill: 215 Pennsylvania Avenue SE, #3, Washington, D.C. 20003. Phone: 202-546-4996

Texas Office: 309 E 11th Street, Suite 2, Austin, Texas 78701. Phone: 512 477-1155

For more information, please visit www.citizen.org.


TABLE OF CONTENTS

Workplace Privacy After COVID-19

• Introduction

• How Do Workplace-Surveillance Technologies Threaten Workers’ Privacy?

• Overview of COVID-19 Workplace-Surveillance Technologies

Best Practices for Employers Considering Introducing Workplace Surveillance


WORKPLACE PRIVACY AFTER COVID-19

The workplace is “where invasive technologies are normalized among captive populations of employees.”

- Shoshana Zuboff, The Age of Surveillance Capitalism

Introduction

COVID-19 dramatically has changed how we think about the workplace. As businesses reopen and workers return, the spread of the coronavirus (COVID-19) is a serious concern. Amid the unrelenting first wave of infections and the prospect of recurring future waves, employers have been turning to new technologies to mitigate the risks – introducing a vast array of apps, wearables and other technologies. In a work setting, where activities are governed by a contractual or power relationship, many workers either must accept the new high-tech workplace surveillance or risk losing their .

Without sufficient government regulation and guidelines, employers using these technologies are invading workers' privacy to varying degrees. Some technologies may place various worker rights in jeopardy, including the right to equal treatment, by:

• Tracking, monitoring, collecting and sharing , including sensitive health data;

• Directly sharing data with employers, bypassing worker consent; and

• Posing increased cybersecurity risks.

The speed at which these new technologies have been deployed is concerning. Fifty new apps and technologies have been released since the pandemic began, not accounting for existing, unchanged technologies that now are being marketed as workplace surveillance tools to combat COVID-19. On June 16 alone, both Fitbit and Amazon released new workplace surveillance tools. From an employer’s perspective, this rapid deployment is driven mainly by the urge to bring workers back to the workplace. But the invasion of privacy that workers face is alarming, especially considering that the effectiveness of these technologies in mitigating the spread of COVID-19 has not yet been established.


The default setting of most workplace surveillance apps is “mass surveillance by default.” For instance, Microsoft and UnitedHealth Group’s ProtectWell app sends COVID-19 diagnostic test results directly to the employer, bypassing the worker. Other apps don’t treat workers’ data as being subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA), meaning the data does not have to be securely handled and protected in accordance with HIPAA’s health provisions. Some wearables are tracking employees’ locations to identify and encourage behaviors. For example, if a worker has not spent enough time close to a sink, the app will identify them as likely not having spent enough time washing their hands.

This report identifies nearly 50 apps and technologies being introduced into the workplace. COVID-19 health tracking technology currently is being used by at least 32 employers [1] to track at least 340,000 workers [2] and is available to up to 14,000 [3] additional employers and almost 4 million workers [4]. The report describes what the apps are and how they work, highlighting specific privacy concerns. It concludes with a checklist of best practices for employers as they consider whether to introduce surveillance technologies into their .

[1] We have identified 32 employers that have either self-reported or been identified in the news as adopting these technologies.

[2] 340,000+ workers is an estimate based on how the company is rolling out the technology (office v. manufacturing plant, a particular location, etc.). In the absence of any information about who would be using it or how many workers would be tracked, we estimated based on the kind of technology and workforce size.

[3] Many companies have released technologies embedded within existing systems and made these updates free to customers. We calculated the employers that could be using these technologies based on which businesses are existing customers and would have access to these updates.

[4] Based on how many employers had access to these free updates, we calculated the size of their workforce, estimating employees using the existing technology. This number, although it could be lower, is likely significantly higher as our customer and workforce estimates were conservative.


How Do Workplace-Surveillance Technologies Threaten Workers’ Privacy?

Listed below are three apps being introduced into the workplace that invade workers’ privacy. For each product, workers download the app onto their mobile phones and periodically fill out a survey of self-reported medical information, such as COVID-19 symptoms and temperature. Employers can access workers’ information through a reporting platform, which allows employers to view self-reported medical information and identify workers who could have been exposed to other sick workers.

Here are some of their most alarming privacy-violating features, as described by their makers:

ProtectWell by Microsoft and United Health

• “Employers can direct their workers to a streamlined COVID-19 testing process that enables closed-loop ordering and reporting of test results directly back to employers.” - Microsoft Press Release

• “Any information disclosed to us in connection with the Site and the ProtectWell App is not protected health information, as defined under the Health Insurance Portability and Accountability Act of 1996 (‘HIPAA’)...” - ProtectWell Privacy Policy

• “We may obtain additional information about you from third parties such as marketers, partners, researchers, and others. We may combine information that we collect from you with information about you that we obtain from such third parties and information derived from any other subscription, product, or service we provide.” - ProtectWell Privacy Policy


Healthcheck by Stratum

• “Our workers and agents may view your Personal Information...” - Healthcheck Privacy Policy

• “If you are accessing on a mobile device, we will automatically collect personal data including device, content and usage data… We also collect IP address access location to determine your current location…” - Healthcheck Privacy Policy

COVID-19 Worker Safety and Business Continuity Tracker by Pegasystems

• “Your personal information may be transferred, processed and stored outside the country where your information was collected by using or attending a Service...” - Pegasystems Privacy Notice

Overview of COVID-19 Workplace-Surveillance Technologies

Table 1: Apps in which Workers Self-report Health Information

| App | How it works | Who’s Using it? |
|---|---|---|
| Pegasystems | Tool for employers to build custom COVID-19 symptom survey apps; data is aggregated in a central dashboard for the employer. | Unclear; introduced as part of an existing platform, to which these 60 companies have access |
| Back to Work (Cordata) | Workers fill out a pre-set survey embedded in the existing app; data is aggregated in a central dashboard. | Unclear; embedded in a platform used by 100+ companies |
| Arcoro | Worker survey built into existing time clock app; data stored on the cloud. | Titan roofing, a small business in Massachusetts |
| Workforce Safety (Appian) | Tool for employers to build custom COVID-19 symptom survey apps; data is aggregated in a central dashboard for the employer. | Unclear; separate app from what current customers use |
| Landing AI | Camera monitoring system to identify people who are not socially distanced. | Undisclosed |
| ProtectWell (Microsoft & United Health) | Tool for employers to build custom COVID-19 symptom survey apps; data is aggregated in a central dashboard for the employer. | United Health is rolling it out for their workers; Microsoft planning to use |
| HealthChampion | COVID-19 symptom survey embedded in existing app, data is aggregated in a central dashboard. | Undisclosed |
| Work.com (Salesforce) | Tool for employers to build custom COVID-19 symptom survey apps & contact tracing; data is aggregated in a central dashboard for the employer. | Undisclosed |
| Check-In (PwC) | Workers submit health status; app also has automatic contact tracing. | PwC will use internally; unclear who else |
| Check-In Online | Digital form to gather information from employees, visitors, automatically process the information and complete simple calculations. | Canon |
| HealthCheck (Stratum) | Workers fill out a pre-set survey; data is aggregated in a central dashboard. | “Several Wall Street banks and retail and insurance companies have signed on or are in talks to use HealthCheck” |
| Dayforce Worker Safety Monitoring (Ceridian) | Managers can pull up reports and draw insights based on workers’ self-reported data. | Undisclosed |
| SafetyTek | Helps managers in workplace settings track the health of their personnel with an easy-to-follow COVID-19 self-assessment tool. | Undisclosed |
| Agility (Net Health) | COVID-19 tracking embedded in existing platform that focuses on exposure tracking among medical frontrunners. | Undisclosed |
| COVID19Tracker (Kokomo24/7) | AI-powered scoring system designed to manage false positives and pinpoint at-risk workers more accurately. | Undisclosed |
| Mayo Clinic | Uses the clinic's electronic health records to help notify any staff members that may have been exposed to a patient or staff member who's tested positive. | Rochester, Florida, and Arizona Mayo Clinic campuses |
| Emocha | Workers fill out a pre-set survey; data is aggregated in a central dashboard. | Five hospitals in Baltimore area and Johns Hopkins |
| PRA Health Sciences | Workers fill out symptom survey; employers tag workers with one of three severity categories. | “in discussions with academic institutions, governmental , health departments and other private businesses” |
| Health Check (Harri) | Screens workers for symptoms; data aggregated in a central dashboard. | Kapow Noodle Bar |
| Social Safety App (FROM) | Uses Bluetooth to give a warning if too close to another worker. | Not yet released, preparing for private beta-testing |
| WellnessCheck (Pinpoint Health) | App or website screens workers for symptoms; data aggregated in a central dashboard. | Undisclosed |
| SaferMe | Symptom survey coupled with geo-tracking for employers to manage. | Lists customers but unclear for which product; CEO quoted saying 10,000s were using it, just signed with Fortune 500 company |
| Back on Track | Health symptoms uploaded through app, contact tracing enabled. | Maranello and Modena (Ferrari) |

Table 2: Wearables Tracking Workers’ Locations

| App | How it works | Who’s Using it? |
|---|---|---|
| AiRSTA Flow | Bracelets use Bluetooth to track interactions. | In talks with hundreds of companies, and historically a big set of clients has been prisons |
| Blackline Safety | Wearables plus an app used for contact tracing. | Emergency response business |
| CarePredict | Wearables track location and time of contact in a centralized dashboard for nursing home staff and residents. | Several nursing homes, e.g. the Legacy at Town Square in Austin, TX |
| CenTrak | Radio-frequency identification (RFID)-enabled lanyards worn by workers provide time and location data to track if workers are taking health precautions (e.g. washing their hands). | Already installed in 1,700+ facilities |
| Estimote | GPS location tracking and Bluetooth contact tracing; collected information is centrally stored and displayed on a health dashboard that “provides detailed logs of possible contacts.” | Unclear, but past clients of the company include Amazon, Apple and Nike |
| Ready for Work (Fitbit) | Wearable feeds health information into app along with self-reported symptom information for employers to decide who is cleared for work. | Undisclosed |
| Rombit | Bracelets beep if not social distancing. | Belgian ports (thousands of workers) |
| PointGrab | Cameras and sensors track distance between people and whether good hygiene is being practiced. | Companies including Philips and Mitsubishi |
| Proximity Trace (Triax) | Wristbands notify wearer if within 6 feet of another worker and track contact for exposure tracing. | Undisclosed |
| Safezone | Wristbands notify workers if they’re too close together and give contact tracing notifications. | New York Knicks, Chicago Bulls, Paris St Germain; Eintracht Frankfurt (Bundesliga); “major automotive manufacturer in Germany and a food manufacturer in the US” |
| TraceSafe | Bracelet with an embedded chip and related software to track the wearer's location. | Hong Kong immigration quarantine program; Toronto Wolfpack Stadium |
| TraceTag | Device of Proximity Trace is affixed to any hardhat or worn on the body for proximity detection and contact tracing. Workers’ interactions are logged for contact tracing in the event of a confirmed COVID-19 case on site. | Gilbane Building Company |
| Universal Contact Tracing (Microshare) | Workers wear wristbands or badges to track contact with other workers. | Many different settings, no specifics disclosed. |

Table 3: Hardware (Cameras, Sensors, etc.) Tracking Workers’ Locations

| App | How it works | Who’s Using it? |
|---|---|---|
| Distance Assistant (Amazon) | Camera feeds to monitor, showing a live stream of workers augmented by 6 foot circle, for workers to see if they are social distancing. | Will be made open source |
| Health Pass by CLEAR | Users need to upload personal health documents, including test results for COVID-19; upon entering office, users go through facial recognition scanning, take a real-time health quiz, and provide proof of their previous COVID-19 test by scanning a QR code. | In talks with restaurateur Danny Meyer (25 restaurants and Shake Shack) and New York Mets |
| KastleSafeSpaces | Touchless technology, integrating virus-screening and contact tracing processes. | Monday Properties (national real estate investment and development company) |
| MotionWorks Proximity (Zebra) | Proximity sensing with user-level alerting and contact tracing. | Zebra’s own distribution centers in the Netherlands |
| NICE Alliance | Working to make cameras interoperable with capabilities for detecting social distancing, face mask use and temperature. | “Pushing for adoption by elevator management firms… discussion is underway with the city of Tel Aviv to monitor public transportation and schools” still in trial and will be rolled out to early adopters in the Fall [5] |
| Nodle M1 | Device tracks distance and notifies workers with a buzz when they get too close to one another; supposedly more precise than smartphone-based solution, and without the need for location. | Says they have “received interest from large enterprises in the U.S. and Europe for several million units”, but doesn’t specify |
| Pop ID | Scans body temperature for those who want to enter; face payment for no contact transactions; replace key cards by automatically unlocking doors for workers whose faces are recognized. | CaliBurger (international restaurant chain with seven locations in the U.S. [6]); Subway franchise owners (about 50 restaurants); Lemonade (California restaurant chain); Taco Bell locations |
| Radiant RFID | Workers receive a vibration and a color-coded warning on the watch when they are closer than six feet to another person; supervisors also receive alerts and reports. | Ford |
| Sewio | Workplace-specific contact tracing using sensors and worker badges to track workers’ locations. | 21 companies around the world |
| Smartvid.io | Camera monitor social distancing and health practices (ex. wearing masks). | Unclear; introduced as part of software that these companies use |
| VergeSense | Wireless Sensor that measures distance between employees and interaction frequency, analyses data and produces daily social distancing report on social distancing. | Customers include Roche, Cisco, Shell, BP, Telus, Rapid7, JLL, Quicken Loans, Fresenius |

[5] https://finance.yahoo.com/news/post-lockdown-smart-cameras-could-134549590.html

[6] https://findbiometrics.com/caliburger-uses-biometric-tech-guard-against-covid-19-032603/


BEST PRACTICES FOR EMPLOYERS CONSIDERING INTRODUCING WORKPLACE SURVEILLANCE

Ask the Right Questions

Gather as much information as you can to make an informed decision:

• How does the product work?

• What data is being collected?

• What is the purpose for such collection? Could you achieve the same results without collecting personal data?

• Where will the data be stored? Will it be stored on an individual's device or on a separate server?

• How long will the app keep the data? Is there any justification for the app to keep the data beyond 30 days?

• Will the data be shared with public health authorities?

• Does the developer have access to the data?

• Will the developer share personal data with third parties?

Limit Data Collection to Essentials

Articulate why you need each functionality of the app and take steps to ensure that:

• Data collection is limited to what is truly necessary.

• A time frame is provided for how long collected data will be retained, and data is kept no longer than is needed.

• Access to and use of the data is restricted to authorized people and only for the appropriate amount of time.

• Restrictions are placed on third-party sharing of data.

• Data is not repurposed.

Ensure Cyber Security

Promote the use of encryption, pseudonymization and anonymization where appropriate.

Transparency & Disclosure

Be transparent with workers, creating formal practices to:

• Provide a privacy notice, inform employees about the type of data the app collects, how the data would be used, who has access to the data and when the data will be deleted.

• Establish open and transparent communication: encourage workers to voice concerns and ask questions.

Worker Opt-In & Rights

Promote workers’ rights by implementing policies that:

• Provide apps on a voluntary basis and seek informed consent of workers to secure their trust and confidence.

• Ensure workers have the right to access, correct and delete their information, withdraw their consent any time, have the right to receive an explanation when their data is used and challenge those uses if necessary.


Restrict Collection of Biometric Data

Collection and processing of biometric data should only be considered as a last resort if there are no other less intrusive means available. It should be necessary and limited to the minimum required to achieve the purpose and be done only with full and informed consent, subject to clearly defined restrictions on collection, use, storage and destruction of that data.

Introduce Internal Policies & Procedures

Create written internal policies and share them with workers, in order to:

• Enforce tight controls to the data.

• Clarify who has access to data.

• Develop confidentiality guidelines, implement operating procedures.

• Establish a designated point person for COVID-19-related privacy issues and procedures, who is trained to maintain worker privacy and confidentiality.

Before deploying these apps, employers should take caution to fully vet the technologies being used to ensure the utmost privacy and confidentiality at the workplace.
